Reference Guide
Manage Policies
Process Injection: Remote Thread Creation
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when a remote thread creation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Thread Creation - A process has created a new thread in another process. A process's threads are usually only created by that same process. This is generally used by an attacker to activate a malicious presence that has been injected into another process.
The Remote Thread Creation process injection affects Windows and macOS operating systems.
Process Injection: Remote APC Scheduled
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when a remote APC scheduled threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote APC Scheduled - A process has diverted the execution of another process's thread. This is generally used by an attacker to activate a malicious presence that has been injected into another process.
The Remote APC Scheduled process injection affects Windows operating systems. This policy does not apply to Mac clients.
Process Injection: Remote DYLD Injection (Mac OS X only)
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when a remote DYLD injection threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
DYLD Injection - An environment variable has been set to